Open In App

How to Handle the SSL(HTTPs) Certification Path Exception in Android Applications?

Last Updated : 09 Sep, 2021
Like Article

If you haven’t been stung by the below-mentioned exception when running a Java program created by you on your system that connects to an SSL server (HTTPS), be prepared for a bad experience at some time in your development career.

Exception: PKIX path construction failed: Exception: No valid certification path to the specified target could be found.

To contextualize the aforementioned issue, We want to highlight a few scenarios in which you may create a Java application other than Android, Tomcat Server, and JavaFX.

  1. When developing a bot for a product or company.
  2. An Android app that requires data from the server to be retrieved and placed in the assets folder for each build.
  3. Creating a file parser for your needs.
  4. I’m working on ComputerVision projects.
  5. I’m working on machine learning projects.
  6. Making a Java library

GeekTip: If a Java program attempts to connect to a server protected by SSL (HTTPS sites), the above-mentioned exception may occur.

A server that utilizes SSL for identification and encryption delivers a certificate that has been validated by a trustworthy third party such as Verisign, GoDaddy, and a few others. A browser or java client can use this certificate to ensure that they are communicating with the correct site (who it claims to be) and not a redirected proxy site. If we approach a site using a browser, this phase is very obvious since if the SSL certificate is not in the browser’s trusted store, it will prompt us to add it and it will be added. However, when we use a Java program to access a secure site, this stage of the SSL handshake is not visible to the user.

Where are the certificates Validated?

The certificates are validated using JRE’s trustStore. This trustStore is situated in the JDK installation directory, which is referenced to by JAVA HOME ($JAVA HOME/jre/lib/security), and is frequently referred to as “cacerts.” If the certificate given by a secure site is present on JRE’s trustStore, an SSL connection will be created; however, if the certificate is not present, Java will throw an exception (described above), and we will need to add that certificate to trustStore to resolve the issue.

GeekTip: This issue is more frequent on servers that utilize the “Let’s Encrypt” SSL certificate. However, because we are open source enthusiasts, we will utilize it, as well because it is free.

This program attempts to use OkHttp to make an API call to URL (httpbin is an open-source project) and then parses the return JSON into Java POJO model class objects using Gson. I created a JsonParserclass to make parsing simple and general. Now that we’ve established the scenario under which this problem might occur in a Java application, let’s look at how to solve it. As previously stated, the SSL certificate for that site must be added to the JRE’s trustStore. To add the SSL certificate to the JRE’s trustStore, follow the procedures outlined below.

Step #1: Obtain the site’s SSL certificate

The first step is to obtain the site’s SSL certificate. To do so, launch the terminal and navigate to the location where the certificate will be kept. The certificate was stored in the Desktop directory.

openssl s_client -connect <site-url>:443 -servername <site-url> > <saved-certificate-file-name-we-want-to-give>

To quit, press ctrl + z after the command. View the contents of the file in any text editor (such as sublime). It will include the name of the issuing authority, keys, the encryption technique, and other information.

Step #2: Now we place the certificate, i.e. the cacerts, in the keystore. Run the command below to accomplish this

sudo keytool -import -keystore cacerts -alias <alias-name> -file <certificate-file-path>

It will ask you for your password twice, once for sudo and once for the keystore. The keystore’s default password is “changeit.”

Note: If prompted for a new password after entering the “changeit,” use the same “changeit” or change the password and remember it for the future.

Following this command, it will validate the certificate and then prompt you for confirmation. When prompted to “trust this certificate,” enter “y.” Finally, it will output “Certificate was uploaded to keystore.”

Similar Reads

Java Program to Handle Unchecked Exception
Exceptions are the issues arising at the runtime resulting in an abrupt flow of working of the program. Remember exceptions are never thrown at the compile-time rather always at runtime be it of any type. No exception is thrown at compile time. Throwable Is super-class of all exceptions and errors too. Now there is an urgency to deal with them for
4 min read
Java Program to Handle Checked Exception
Checked exceptions are the subclass of the Exception class. These types of exceptions need to be handled during the compile time of the program. These exceptions can be handled by the try-catch block or by using throws keyword otherwise the program will give a compilation error. ClassNotFoundException, IOException, SQLException etc are the examples
5 min read
Java Program to use Catch to Handle the Exception
The exception is the event occurs when the program is executing. Due to this exception, the normal flow of the program will get disrupts. Whenever an exception occurs in the method, the method creates an object and sends that object to the runtime system. For example, the file needs to be open is not found, class not found exception, Arithmetic Exc
3 min read
Java Program to Handle the Exception Methods
An unlikely event which disrupts the normal flow of the program is known as an Exception. Java Exception Handling is an object-oriented way to handle exceptions. When an error occurs during the execution of the program, an exception object is created which contains the information about the hierarchy of the Exception and other information which is
4 min read
Java Program to Handle the Exception Hierarchies
Exceptions are the events that occur due to the programmer error or machine error which causes a disturbance in the normal flow of execution of the program and terminates the program. Exception Handling: The process of dealing with exceptions is known as Exception Handling. Hierarchy of Exceptions: Object class is the parent class of all the classe
4 min read
How to Fix "android.os.Network On Main Thread Exception error" in Android Studio?
The main reason for Network On Main Thread Exception Error is because the newer versions of android are very strict against the UI thread abuse. Whenever we open an app, a new “main” thread is created which helps applications interact with the running components of an app’s UI and is responsible for dispatching events to assigned widgets. The entir
3 min read
How to Install Android Applications in Mobile Phone without USB Cables using Android Studio?
Android Studio is the official integrated development environment for Google’s Android operating system, built on JetBrains’ IntelliJ IDEA software and designed specifically for Android app development. After successfully Setting up an Android project, and write down the necessary codes the next task is to run the application on an emulator or on a
2 min read
Sending email through Java with SSL / TLS authentication
The JavaMail API defines classes that represent the components of a mail system. JavaMail does not implement an email server, instead, it allows you to access an email server using a Java API. In order to test the code presented, you must have access to an email server. While the JavaMail API specification does not mandate support for specific prot
5 min read
How to Install and use SSL Certificate In Python
A secure Socket Layer (SSL) Certificate is a Digital certificate that can be used for the authentication of a website and it helps to establish an encrypted connection between the user and server. SSL is a secure layer that creates an encrypted link between a web server and a web browser. SSL keeps internet connections secure. When an SSL certifica
2 min read
How to Connect to a Database Using JDBC with SSL/TLS?
Connecting to a database using JDBC with SSL/TLS is nothing but it will Setup a secure connection between the Java program(from IDE, for Example: Eclipse) and the database server, and it will ensure that transferring the data between the Java program and database server is protected. Connecting to the database using the JDBC with SSL/TLS involved c
3 min read
Article Tags :
Practice Tags :